Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added easy impersonate route while in development mode

This commit is contained in:
Robin Ward 2014-10-07 12:25:25 -04:00
parent 305830eb44
commit 1252e7324f
3 changed files with 32 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
app/controllers/session_controller.rb
View File

@ -3,7 +3,7 @@ require_dependency 'rate_limiter'
class SessionController < ApplicationController class SessionController < ApplicationController
skip_before_filter :redirect_to_login_if_required skip_before_filter :redirect_to_login_if_required
skip_before_filter :check_xhr, only: ['sso', 'sso_login'] skip_before_filter :check_xhr, only: ['sso', 'sso_login', 'become']
def csrf def csrf
render json: {csrf: form_authenticity_token } render json: {csrf: form_authenticity_token }
@ -17,6 +17,17 @@ class SessionController < ApplicationController
end end
end end
# For use in development mode only when login options could be limited or disabled.
# NEVER allow this to work in production.
def become
raise Discourse::InvalidAccess.new unless Rails.env.development?
user = User.find_by_username(params[:session_id])
raise "User #{params[:session_id]} not found" if user.blank?
log_on_user(user)
redirect_to "/"
end
def sso_login def sso_login
unless SiteSetting.enable_sso unless SiteSetting.enable_sso
render nothing: true, status: 404 render nothing: true, status: 404

3
config/routes.rb
View File

@ -177,7 +177,8 @@ Discourse::Application.routes.draw do
get "email/unsubscribe/:key" => "email#unsubscribe", as: "email_unsubscribe" get "email/unsubscribe/:key" => "email#unsubscribe", as: "email_unsubscribe"
post "email/resubscribe/:key" => "email#resubscribe", as: "email_resubscribe" post "email/resubscribe/:key" => "email#resubscribe", as: "email_resubscribe"
resources :session, id: USERNAME_ROUTE_FORMAT, only: [:create, :destroy] do resources :session, id: USERNAME_ROUTE_FORMAT, only: [:create, :destroy, :become] do
get 'become'
collection do collection do
post "forgot_password" post "forgot_password"
end end

18
spec/controllers/session_controller_spec.rb
View File

@ -2,6 +2,24 @@ require 'spec_helper'
describe SessionController do describe SessionController do
describe 'become' do
let!(:user) { Fabricate(:user) }
it "does not work when not in development mode" do
Rails.env.stubs(:development?).returns(false)
get :become, session_id: user.username
response.should_not be_redirect
session[:current_user_id].should be_blank
end
it "works in developmenet mode" do
Rails.env.stubs(:development?).returns(true)
get :become, session_id: user.username
response.should be_redirect
session[:current_user_id].should == user.id
end
end
describe '.sso_login' do describe '.sso_login' do
before do before do